Explore the intricacies of Microsoft's User Access Logs (UAL) on Windows Servers in this 32-minute conference talk from OSDFCon 2021. Delve into authentication information, record retention periods, IP/MAC address details, daily authentication counts, and authentication categories. Learn about a parsing tool created by Brian Moran and discover how these logs can be utilized in digital forensics and incident response. Join Brian Moran, a seasoned digital forensic analyst, and Kevin Stokes, a Lead Specialist in KPMG's Cyber Response Services, as they share their extensive experience in the cybersecurity field. Gain insights into KStrike, including a Mac demo, and explore other UAL parsing options. Understand the real-world benefits and goals of UAL analysis in digital forensics investigations.
Overview
Syllabus
Introduction
About Brian and Kevin
KStrike
KStrike Mac Demo
Other UAL parsing options
Real world benefits
Goals
Special Thanks
Questions
Taught by
BasisTech
